"We learned there was an intrusion April 19 and subsequently shut the services down," spokesman Patrick Seybold told the Los Angeles Times in an e-mail -- after the company acknowledged a hacker stole the names, addresses, e-mail addresses, PlayStation user names and passwords, birth dates and possibly credit-card numbers and expiration dates for 77 million people who play online videogames through Sony's PlayStation console.
"It took our experts until [Monday] to understand the scope of the breach," Seybold's e-mail said. "We then shared that information with our consumers and announced it publicly [Tuesday] afternoon."
The world's No. 5 media conglomerate reported the breach to the FBI in San Diego, which specializes in computer crime, law-enforcement officials told The New York Times. A San Francisco FBI spokeswoman told The Wall Street Journal she might have information in a few days, but declined further comment.
The breach, which prompted Sony to shut down the system, could rank among the biggest data breaches in Internet history, experts said.
The company said it planned to get parts of the PlayStation Network services back up "within a week." It will be the network's longest shutdown since its 2006 inception.
Sony warned PlayStation Network members "out of an abundance of caution" to closely watch their credit-card statements for unauthorized charges. It also told members to "remain vigilant" for identity theft and to be on guard against e-mail, phone and postal scams aided by the lost personal information.
The Sony Qriocity service, which streams audio and video to high-end Sony televisions, Blu-ray disc players and other Web-enabled Sony devices, was also knocked offline, Sony said.
U.S. Sen. Richard Blumenthal, D-Conn., sent a letter to Sony saying he was "troubled by the failure of Sony to immediately notify affected customers of the breach."
"When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised," his letter said.
Blumenthal called on Sony to provide PlayStation Network users with "financial data security services, including free access to credit-reporting services for two years." And he said affected customers should also "be provided with sufficient insurance to protect them from the possible financial consequences of identity theft."
Sony had no immediate public comment on Blumenthal's letter.
No individual or group claimed responsibility for the data breach. A well-known vigilante hacking group known as Anonymous, blamed for earlier attacks on Sony and PlayStation Web sites, denied any responsibility.
"For once we didn't do it," the group's Web site said, although it said "other Anons [may] have acted "by themselves."